Authentication in Android with cookies from OpenAM

Irmo Timmann, modified 6 years ago.

Authentication in Android with cookies from OpenAM

New Member Posts: 7 Join Date: 07.04.17 Recent Posts
Hello everyone,

I have problems authenticating Android app users using a cookie session.

I am developing a LIFERAY Android app. Currently Liferay runs on a Tomcat test server on a local machine. The users are being authenticated using another test Tomcat server hosting an OpenAM server. The OpenAM server is configured and set inside Liferay as an SSO server. So the users are authenticated in Liferay using the OpenAM SSO server, providing their credentials and entering an OTP sent by e-mail. This works using a browser.

My problem is that I can call the JSON API of OpenAM inside the app and authenticate the user properly, but I cannot use this session, the cookie etc. with the Liferay SDK.
I am using Liferay Screens version 2.1.1 provided using Gradle (the 2.1.2 hotfix seems to be not yet available).
I have access to the cookie provided by OpenAM, the tokenId containing the SSO token value and the JSESSIONID.

Maybe I am not using the correct methods or not using them as intended. I'm using the following code for manually creating a cookie session. I tried using the following code:


    CookieAuthentication cookieAuthentication = new CookieAuthentication(
            "AQIC5wM2LY4Sfcy6o5-Ik7p45JB3MKFBi3Yt_ROH5o7djm8",
            "amlbcookie=01; JSESSIONID=58B40E6527F43EB833F929B3F27E78EE; GUEST_LANGUAGE_ID=en_US",
            "test",
            "password");

    Session impl = new SessionImpl("http://openam.example.com", cookieAuthentication, 52000, new Callback() {

        @Override
        public void inBackground(Response response) {
            try {
                Log.d("Response", response.getBody());
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        @Override
        public void doFailure(Exception exception) {
            Log.d("Response Session impl", exception.getMessage());
        }
    });

    CookieSignIn.signIn(impl, new CookieSignIn.CookieCallback() {
        @Override
        public void onSuccess(Session session) {
            Log.d("Session", "Logged in: " + SessionContext.isLoggedIn() + " has user info: " + SessionContext.hasUserInfo() + " has UserId: " + SessionContext.getUserId());
        }

        @Override
        public void onFailure(Exception e) {
            Log.d("Sign in", e.getMessage());
        }
    });

So my question is: how can I authenticate Android app users with Liferay using OpenAM and OTP, and how to establish a connection using the cookie login?


Cookie value:
amlbcookie=01; JSESSIONID=58B40E6527F43EB833F929B3F27E78EE; GUEST_LANGUAGE_ID=en_US


Full OpenAM token value
AQIC5wM2LY4SfcyPEDUH4EWMQTc5h6_XyBUEcT5Fo1nkkZE.*AAJTSQACMDEAAlNLABQtNzcwMzE4OTgzMDQ1MjY2Njc2OQ..*


SSO Token part
AQIC5wM2LY4SfcyPEDUH4EWMQTc5h6_XyBUEcT5Fo1nkkZE



Thanks in advance

Regards,
Irmo
Javier Gamarra, modified 6 years ago.

RE: Authentication in Android with cookies from OpenAM

Expert Posts: 348 Join Date: 12.02.15 Recent Posts
It isn't exactly the use case we were thinking when we built the cookie authentication but it is definitely one of the use cases we want to support...

Can you attach the error trace? both in the client and the server? Which version of Liferay are you using?

Have you tried the cookie authentication against the Liferay Portal without the OpenAM server? or a curl request?

Thanks in advance!
Javier Gamarra, modified 6 years ago.

RE: Authentication in Android with cookies from OpenAM

Expert Posts: 348 Join Date: 12.02.15 Recent Posts
Hi!

Did you try again? If you pass me the exceptions I can try to replicate the environment.
Irmo Timmann, modified 6 years ago.

RE: Authentication in Android with cookies from OpenAM

New Member Posts: 7 Join Date: 07.04.17 Recent Posts
Hi,

sorry for the late reply. I have problems with my configuration. I discovered that using the default login screenlet I could simply bypass the custom authentication using the OpenAM authentication server. So I was able to log in using username, password and loginMode:basic and authenticate without OpenAM. This might be a configuration problem on my server side. As I am new to Liferay, my pre-configuration might not be sufficient.
What I want to achieve is to authenticate users using the OpenAM SSO token and prevent users from logging in with just their username and password (at least on first login).

The error I am getting when trying to establish a session using the cookie generated from logging in to OpenAM is:
 [http-nio-8080-exec-4][LDAPUserImporterImpl:183] Unable to bind to the LDAP server
14:37:33,489 ERROR [http-nio-8080-exec-7][JSONWebServiceServiceAction:97] Access denied to com.liferay.portal.kernel.service.UserService#getCurrentUser



It somehow works if I use the following code. The reason is probably that I use a basic session (needed, otherwise CookieSignIn.signIn() throws exceptions), which I was trying to avoid. After using the code, I have a valid session with a user, but I get authentication errors accessing e.g. blog entries using a Screenlet or the service class of the SDK:



    Map<String, String> headers = new HashMap<String, String>();
    headers.put("Cookie", "COOKIE_SUPPORT=true; " + cookie);

    Session session = SessionContext.createBasicSession(login, password);
    session.setHeaders(headers);

    Session cookieSession = CookieSignIn.signIn(session);
    cookieSession.setHeaders(headers);

    SessionContext.createCookieSession(cookieSession);
    cookieSession.setConnectionTimeout(50000);

    CurrentUserConnector userConnector = ServiceProvider.getInstance().getCurrentUserConnector(session);

    JSONObject jsonObject = userConnector.getCurrentUser();
    Log.d("user", jsonObject.toString());
    User user = new User(jsonObject);
    SessionContext.setCurrentUser(user);
    Log.d("Session", "Logged in: " + SessionContext.isLoggedIn() + " has user info in: " + SessionContext.hasUserInfo() + " has Session: " + SessionContext.getUserId());
    SessionContext.storeCredentials(CredentialsStorageBuilder.StorageType.SHARED_PREFERENCES);
    if (SessionContext.isLoggedIn() && SessionContext.hasUserInfo() && SessionContext.getUserId() > 0) {
        Intent intent = new Intent(this, TestAssetListBlogsActivity.class);
        startActivity(intent);
    }


So basically I wasn't able to get it correctly working.

Researching this, I think I at least know where the problem with the cookie sign in is: in the CookieSign class the parseResponse(Response response, String server, CookieManager cookieManager, String username, String password) method tries to extract the auth token. Unfortunately, the response from the server comes from OpenAM and not Liferay:




    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title>OpenAM</title>




    <div id="messages"></div>
    <div id="wrapper">Loading...</div>
    <div id="popup">
        <div id="popup-content" class="radious"></div>
    </div>
    <div id="footer"></div>
    <div id="dialog-background"></div>
    <div id="dialogs"></div>

    <script data-main="main" src="libs/requirejs-2.1.14-min.js"></script>





The auth token Liferay.authToken is not found, and a misleading position and thus a wrong token is being set:

    tml>
    <he

The cookieHeader String variable is correctly (I assume) set:

    JSESSIONID=2C665A2F73420A298DA1BF51A7307CBD;

So basically it seems that I have 2 problems/questions:

- Is the login using basic authentication required for login? How to disable it and rely completely on OpenAM and cookie authentication for mobile and JSON (without writing custom authentication modules)?
- How to solve the problem with what seems to be a loading or redirection page in OpenAM and use a correct Liferay page and token?

Whoa, that turned out to be more text and code than expected. Sorry for that. I hope I cleared things up a bit. Any help solving my login problems is much appreciated.
Thanks
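
The failure described in the last post (a token cut out of an OpenAM page that contains no Liferay.authToken) can be avoided by failing closed when the marker is absent. The following is an added example, not part of the thread and not the Liferay SDK's own code; the class and method names are hypothetical, and the marker format `Liferay.authToken = 'VALUE';` and both sample pages are assumptions constructed for the illustration.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AuthTokenExtractor {

    // Assumed marker format: Liferay.authToken = 'VALUE'; with single or double quotes.
    private static final Pattern AUTH_TOKEN = Pattern.compile(
            "Liferay\\.authToken\\s*=\\s*(['\"])([A-Za-z0-9]+)\\1");

    /** Returns a token only when the marker is really present in the body. */
    static Optional<String> extractAuthToken(String body) {
        if (body == null) {
            return Optional.empty();
        }
        Matcher m = AUTH_TOKEN.matcher(body);
        return m.find() ? Optional.of(m.group(2)) : Optional.empty();
    }

    /** Fails closed: a page without the marker is never turned into a token. */
    static String requireAuthToken(String body) {
        return extractAuthToken(body).orElseThrow(() -> new IllegalStateException(
                "No Liferay.authToken in response; the body is probably an SSO login page"));
    }

    public static void main(String[] args) {
        // Constructed portal page carrying the marker (the token value is made up).
        String portalPage = "<html>\n<head>\n"
                + "<script>Liferay.authToken = 'aBcD1234';</script>\n</head>\n</html>";
        // Constructed page modelled on the OpenAM response quoted in the post.
        String openAmPage = "<html>\n<head>\n<title>OpenAM</title>\n</head>\n"
                + "<body><div id=\"wrapper\">Loading...</div></body>\n</html>";

        System.out.println(extractAuthToken(portalPage)); // marker found
        System.out.println(extractAuthToken(openAmPage)); // marker missing, nothing extracted

        // Failure mode for comparison: with unchecked indexOf arithmetic
        // (illustrative offsets), a result of -1 still yields a substring,
        // so arbitrary markup ends up being used as the token.
        String marker = "Liferay.authToken";
        int start = openAmPage.indexOf(marker) + marker.length() + 3;
        System.out.println(openAmPage.substring(start, start + 8).replace("\n", "\\n"));
    }
}
```

Calling requireAuthToken on the sign-in response turns an SSO redirect into an explicit error instead of a session that carries markup as its token.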